Config Mgr 2012 Endpoint Protection: Enable SCEP on clients
Back to Endpoint Protection menu
Back to ConfigMgr 2012 menu
Previously we added our Endpoint Protection Point and created our own custom Antimalware Policy. We then deployed this policy to a test collection.
However none of this is of any use if we do not enable Endpoint Protection on clients.
Navigate to Administration > Site Configuration > Client Settings. As before we do not want to interfere the with Default Client Settings so we will create a Custom Client Device Settings.
Right click and choose "Create Custom Client Device Settings".
Enter a suitable name, select "Endpoint Protection" and click OK.
You receive a pop-up with client reboot information. Click OK to acknowledge.
Right click and choose Properties.
Select Yes to "Manage Endpoint Protection client on client computers"
Select Yes to "Install Endpoint Protection client on client computers".
Now right click and deploy to your test collection.
SCEP client will now be installed on all computers in the test collection when they retrieve their machine policy. They will be defined by our custom antimalware policy.
You can monitor the progress of the SCEP client installation using the EndpointProtectionAgent.log file.
Endpoint has been triggered.
SCEPInstall.exe starts. See the policy file used.
A SCEP icon will appear in the system tray. It is minimised but will open if you click on it.
You can see the application installing if you wish.
EP client is successfully installed.
SCEP 2012 icon now available.
New processes running.
New service.
New registry settings.
SCEP now completely installed on client. Let's review the settings that have been configured by policy.
Virus and spyware definitions are shown as up to date.
Quarantined items.
Settings - note they are all greyed out as there are defined by policy. Let's review the individual settings.
Scheduled Scans.
Default Actions.
Real-time protection.
Excluded files and locations.
Excluded file types.
Excluded processes.
Advanced.
MAPS.
Navigate to Monitoring > Endpoint Protection Status > System Center 2012 Endpoint Protection
Choose a collection and see the client count starting to rise.
Right click a client and see the possible console actions.
Back to ConfigMgr 2012 menu
Previously we added our Endpoint Protection Point and created our own custom Antimalware Policy. We then deployed this policy to a test collection.
However none of this is of any use if we do not enable Endpoint Protection on clients.
Navigate to Administration > Site Configuration > Client Settings. As before we do not want to interfere the with Default Client Settings so we will create a Custom Client Device Settings.
Right click and choose "Create Custom Client Device Settings".
Enter a suitable name, select "Endpoint Protection" and click OK.
You receive a pop-up with client reboot information. Click OK to acknowledge.
Right click and choose Properties.
Select Yes to "Manage Endpoint Protection client on client computers"
Select Yes to "Install Endpoint Protection client on client computers".
SCEP client will now be installed on all computers in the test collection when they retrieve their machine policy. They will be defined by our custom antimalware policy.
Endpoint has been triggered.
SCEPInstall.exe starts. See the policy file used.
A SCEP icon will appear in the system tray. It is minimised but will open if you click on it.
You can see the application installing if you wish.
SCEP 2012 icon now available.
New processes running.
New registry settings.
Virus and spyware definitions are shown as up to date.
Quarantined items.
Settings - note they are all greyed out as there are defined by policy. Let's review the individual settings.
Scheduled Scans.
Default Actions.
Real-time protection.
Excluded files and locations.
Excluded file types.
Excluded processes.
Advanced.
MAPS.
Navigate to Monitoring > Endpoint Protection Status > System Center 2012 Endpoint Protection
Choose a collection and see the client count starting to rise.
No comments:
Post a Comment